-
Notifications
You must be signed in to change notification settings - Fork 2.9k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add credential passthrough in base-jdbc connector #482
Add credential passthrough in base-jdbc connector #482
Conversation
I think there is a simpler and more flexible way. When we designed extra credentials, we intentionally did not namespace them per connector to allow flexibility. For example, you might have multiple MySQL catalogs for different servers, but they all share the same authentication, so you want to use the same property name. We can put all the logic for using credentials inside of
These credential names would be stored with the catalog replaced when For the config naming, something like |
I did another experiment (just for fun), where I used extra credentials as variables. That way it is very flexible. For example
Then all |
Also I think, that at some point we need to have support extra credentials in access control. Similar to |
@kokosing That’s an interesting idea. I like that it’s fledible, but I can’t think of any use cases that it enables over my proposal. Two cocncerns are that it makes error reporting more difficult and replacing part of the JDBC URL with use provided data seems dangerous. That said, please continue thinking along these lines. |
This might require some escaping mechanism. However, most of the things (eg |
Thanks for the feedback! Setting the credential key in config files is brilliant, and indeed simplifies the implementation. I'll update the PR. I think we should only allow |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
presto-base-jdbc/src/main/java/io/prestosql/plugin/jdbc/DriverConnectionFactory.java
Outdated
Show resolved
Hide resolved
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It looks good to me.
I think it still needs end-to-end testing. To see that with extra credentials we are capable to connect as different user.
presto-base-jdbc/src/main/java/io/prestosql/plugin/jdbc/BaseJdbcConfig.java
Show resolved
Hide resolved
presto-base-jdbc/src/main/java/io/prestosql/plugin/jdbc/BaseJdbcConfig.java
Show resolved
Hide resolved
@kokosing I was thinking about writing production tests for it but couldn't figure out an easy way to set up user/credential in Or is there any other unit tests that can achieve the same goal? |
Let's have product tests a last resort option. I would go with "unit" tests. See that |
I was working on adding credential passthrough in
presto-base-jdbc
connector and others extend it. Thanks toJdbcIdentity
added by @kokosing this is straighforward.To specify the credential for different jdbc connectors, we need to have a namespace based on catalog name, so I recreate the
JdbcConnectorId
deleted by @kokosing but name itJdbcCatalogName
(as we are replacingconnector id
withcatalog name
).Create this PR to collect feedback on this feature, as well as the implementation.
@electrum @findepi @kokosing